Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!swidir.switch.ch!scsing.switch.ch!news.belwue.de!news.dfn.de!Germany.EU.net!howland.reston.ans.net!news.cac.psu.edu!news.math.psu.edu!hudson.lm.com!newsfeed.pitt.edu!gatech!news.mathworks.com!news.kei.com!babbage.ece.uc.edu!news.cinenet.net!island.interverse.com!user
From: iverse@cinenet.net (Richard Gilligan)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Disturbing Security Problem
Date: Mon, 14 Aug 1995 18:35:33 -0800
Organization: Cinenet Communications,Internet Access,Los Angeles;310-301-4500
Lines: 14
Message-ID: <iverse-1408951835330001@island.interverse.com>
NNTP-Posting-Host: island.interverse.com

Today at about 3:00 all of the passwords disappeared from the BSDi system I am administering. Login was possible using any valid user name - no password was required. Any user could SU to root without a password regardless of their group. This machine is shared by 10 users with accounts and passwords and is connected to the internet running httpd, telnet, ftp, smtp.

Has anyone ever had this happen? Is it a mistake I made or have we been attacked? If it happened to you, how would you go about investigating what might have happened? Most important - I would greatly appreciate advice on how to clean up after such an episode. (I feel unclean)

Thanks in advance for your help,

Richard Gilligan